The Official InMotion Hosting Blog

The New Norm in Cyber World

Being security aware is becoming more and more important in the web hosting world. Over the past year, it has been estimated that the damage caused by DDoS and Hackers is costing the global economy approximately $2.5 Trillion a year in losses. In the first quarter of 2013, DDoS attacks grew by over 700%. If you believe you have never been impacted by a DDoS or Hacker attack, you are wrong. You have been impacted by either a DDoS or Hacker Attack, and you probably lost revenue or customers due to the attack.

Although DDoS are not new and we’ve been hearing about them in the news for years, the types of DDoS attacks are becoming larger and more sophisticated. What is concerning to me is that most individuals and companies who have a web presence don’t even understand what a DDoS attack is or the fact that at some point in the past, their website has been impacted by a DDoS Attack.

What is a Denial of Service attack (DoS)? A DoS attack is quite simple. The attacker attempts to prevent a website from functioning properly by sending a large amount of requests or other traffic to the target website causing it to become unresponsive.

With all the great advances in technology, there is always someone trying to exploit the technology to do harm. When companies started using distributive technologies for business purposes, attackers started using distributive technologies to enhance their attacks. Just a few years ago, a large DDoS attack was 10-20mbs of traffic. Today, we regularly see DDoS attacks between 2-4gbs in size and we have seen attacks as large as 10gbs. There have been reports of DDoS attacks exceeding 100gbs.

DDoS attackers are extremely clever, and believe it or not, you may have unknowingly helped one of the attackers to attack another site. It’s true! You may be helping a DDoS attacker right now and don’t even know it. DDoS attackers are always looking for ways to exploit computer systems to host their attacks. Attackers use several techniques to gain access to systems. The most common are:

A malicious program is installed on your system and connects it to a hidden server, enabling the hacker to gain enough control of your system.

A malicious program is installed on your system allowing the hacker to monitor your key strokes, thus providing the hacker with account information.

Hackers gain access to systems through a security exploit in an application.

Once a system has been compromised, the attacker connects your systems to other compromised systems forming a botnet. Once the attacker has enough resources to take down the intended target, the attack is on! The next thing you know, your IP address is being blocked and your customers are no longer able to get to your website.

Not all hackers are interested in sending DDoS attacks. In many cases, the hackers are interested in using your compromised system to send out email SPAM. This has been a growing trend throughout the industry. Over the past year, we have seen a steady increase in customers’ sites being exploited to send SPAM.

The reason for this trend is quite simple. Most people who have an individual website don’t understand the need to keep their website application(s) up-to-date with the latest security patches, creating a bigger risk for a hacker to exploit the vulnerability. Recently one of the major content management systems (CMS) reported major security vulnerability in an older release. Within a few hours, hundreds of thousands of systems around the world were compromised by hackers exploiting the vulnerability.

The good news for our customers is that we take security very seriously and we work very hard to minimize hacks and DDoS attacks. With our recent upgrades to our networks, we have significantly reduced the number DDoS attacks. Unfortunately, there is only so much we can do and we need your help to be more security conscious.

We can block the DDoS attacks, we can tell you about the vulnerabilities with your website, but if you don’t act on our recommendations, there is a very good chance you will be the next victim of a hack attack. If your website has been hacked or you feel as though you may have been hacked, please feel free to contact us. We’re here to help you and we want to make sure you get the best service in the industry.

Post navigation

One thought on “The New Norm in Cyber World”

It just so happens that my website was, indeed, recently hacked. According to the technician I spoke with, it had something to do with a ‘Chinese bot’. There were strange, unrelated ‘blog’ pages that I had never uploaded tucked into random unused folders in my file manager. I changed all of my passwords, but the point is that I WOULD NEVER HAVE KNOWN if I hadn’t noticed an unusual amount of traffic to a an unknown page in my website analytics. Is there an easier way to monitor ALL activity or content on a website? Of course, I understand the need to frequently update passwords, but is there something else I’m missing? And how did they gain access to my file manager?